On Tue, May 31, 2016 at 9:45 AM, Francis Daly <francis at daoine.org> wrote:
> On Tue, May 31, 2016 at 09:23:36AM -0400, Larry Martell wrote:
>> On Tue, May 31, 2016 at 7:55 AM, Larry Martell <larry.martell at gmail.com> wrote:
>> >>> On Sat, May 28, 2016 at 12:48 PM, Larry Martell <larry.martell at gmail.com>
>> >>> wrote:
>> Hi there,
>>> >>>> Is there any way with nginx to check a request's headers and send back
>> >>>> a 401 if the headers are not proper?
>>> > Looking with tcpdump I do not see that header field set. The request
>> > is coming from a django app which is doing a redirect and I set the
>> > header before the redirect. Guess I have to debug from that side.
>>>> I traced the django code all the way through to when the response is
>> going out and I see this:
>>>> (Pdb) response._headers
>> {'x-capdata-auth': ('X-Capdata-Auth', 'authorized'), 'content-type':
>> ('Content-Type', 'text/html; charset=utf-8'), 'location': ('Location',
>> 'http://foo.bar.com:8000/workitem/12345'), 'vary': ('Vary', 'Cookie')}
>>>> Any one have any ideas as to why it doesn't seem to make it over to nginx?
>> There is a request from the client to nginx.
>> There is a response from nginx to the client.
>> There can be a request from nginx to its upstream, and a response from
> upstream to nginx.
>> Any of those requests and responses can include headers.
>> In your architecture, what "header" do you care about?
>> That should tell you which variable value to check.
>>http://nginx.org/r/$http_
>>http://nginx.org/r/$sent_http_
>>http://nginx.org/r/$upstream_http_
>> are three different families of variables set within nginx.
>> Possibly one of them covers what you want?
There are 2 ways requests get to port 8000, which is the port I want
to check headers on.
One is via a C++ Qt app, and the other is from a python django app.
The C++ app sends the request directly to port 8000. With the django
app a request is sent to port 8004 and django sends a 301 redirect to
8000. In both cases the header field X-Capdata-Auth is set. And in
neither case does my config pick that up. This is what I have:
map $http_x_capdata_auth $not_auth {
default 1;
"authorized" 0;
}
Is that the correct way to check for that header value?
Is there a way for me to dump the headers that it sees on requests to port 8000?